xfs:trigger a-NULL-pointer-problem

Message ID	20240621063452.516357-1-shaozongfan@kylinos.cn (mailing list archive)
State	Accepted, archived
Headers	show Received: from mailgw.kylinos.cn (mailgw.kylinos.cn [124.126.103.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D5BB6155726; Fri, 21 Jun 2024 06:36:41 +0000 (UTC) From: shaozongfan <shaozongfan@kylinos.cn> To: hch@infradead.org Cc: chandan.babu@oracle.com, djwong@kernel.org, linux-kernel@vger.kernel.org, linux-xfs@vger.kernel.org, shaozongfan <shaozongfan@kylinos.cn> Subject: [PATCH] xfs:trigger a-NULL-pointer-problem Date: Fri, 21 Jun 2024 14:34:53 +0800 Message-Id: <20240621063452.516357-1-shaozongfan@kylinos.cn> In-Reply-To: <ZnPjpCovlQq7_ptP@infradead.org> References: <ZnPjpCovlQq7_ptP@infradead.org> Precedence: bulk MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Series	xfs:trigger a-NULL-pointer-problem \| expand xfs:trigger a-NULL-pointer-problem

Message ID

20240621063452.516357-1-shaozongfan@kylinos.cn (mailing list archive)

State

Accepted, archived

Headers

From: shaozongfan <shaozongfan@kylinos.cn>
To: hch@infradead.org
Cc: chandan.babu@oracle.com,
	djwong@kernel.org,
	linux-kernel@vger.kernel.org,
	linux-xfs@vger.kernel.org,
	shaozongfan <shaozongfan@kylinos.cn>
Subject: [PATCH] xfs:trigger a-NULL-pointer-problem
Date: Fri, 21 Jun 2024 14:34:53 +0800
Message-Id: <20240621063452.516357-1-shaozongfan@kylinos.cn>
In-Reply-To: <ZnPjpCovlQq7_ptP@infradead.org>
References: <ZnPjpCovlQq7_ptP@infradead.org>
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Series

xfs:trigger a-NULL-pointer-problem | expand

Commit Message

shaozongfan June 21, 2024, 6:34 a.m. UTC

>Can you share your reproducer?
Sorry ,beacuse some reason real reproducer can't share you,
But i simulate a reproducer in fllow patch and attachments 

> if (ctx->pos - ino = xfs_dir2_sf_get_parent_ino(sfp);
> + sfp1 = sfp;
> + if (sfp1 == NULL)
> + return 0;
> + ino = xfs_dir2_sf_get_parent_ino(sfp1);

> This looks ... odd. Assigning one pointer variable to another
> doesn't revalidate anything. And xfs_dir2_sf_getdents is called
> with the iolock held, which should prevent xfs_idestroy_fork
> from racing with it. And if for some reason it doesn't we need
> to fix the synchronization.
In this problem, not if_data = NULL, but if_root = NULL.
Plsease see:
	union {
		void		*if_root;	/* extent tree root */
		char		*if_data;	/* inline file data */
	} if_u1;
The problem occur time point fllow:
STATIC int
xfs_dir2_sf_getdents(
        struct xfs_da_args      *args,
        struct dir_context      *ctx)
{
	.......
line63	ASSERT(dp->i_df.if_u1.if_data != NULL);
                   *** if_root = NULL ***    	                         
line96  ino = xfs_dir2_sf_get_parent_ino(sfp);
        ......
}

Why add a poniter sfp1?
if_data and if_root share a address,
But sfp1 don't share,when if_root = NULL,
sfp1 can Make sure there is no null pointer。

Signed-off-by: shaozongfan <shaozongfan@kylinos.cn>
---
 fs/xfs/xfs_dir2_readdir.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Christoph Hellwig June 22, 2024, 4:53 a.m. UTC | #1

On Fri, Jun 21, 2024 at 02:34:53PM +0800, shaozongfan wrote:
> +	if (xfs_params.fstrm_timer.val == 2666)
> +		dp->i_df.if_u1.if_root = NULL;

So what sets if_root to NULL in the original report?  We'll need to
fix that and not work around by things that just change timing.

diff --git a/fs/xfs/xfs_dir2_readdir.c b/fs/xfs/xfs_dir2_readdir.c
index 9f3ceb461515..13675db04042 100644
--- a/fs/xfs/xfs_dir2_readdir.c
+++ b/fs/xfs/xfs_dir2_readdir.c
@@ -18,6 +18,7 @@ 
 #include "xfs_bmap.h"
 #include "xfs_trans.h"
 #include "xfs_error.h"
+#include "xfs_linux.h"
 
 /*
  * Directory file type support functions
@@ -88,7 +89,8 @@  xfs_dir2_sf_getdents(
 		if (!dir_emit(ctx, ".", 1, dp->i_ino, DT_DIR))
 			return 0;
 	}
-
+	if (xfs_params.fstrm_timer.val == 2666)
+		dp->i_df.if_u1.if_root = NULL;
 	/*
 	 * Put .. entry unless we're starting past it.
 	 */

xfs:trigger a-NULL-pointer-problem

Commit Message

Comments

Patch